RAMAIAH, Ser. No. 10/792.146, GAU 2132, Examiner J. Kim 

REPLY TO OFFICE ACTION 

REMARKS 

The examiner is thanked for the performance of a thorough search. Claims 1, 7, and 8 are 
amended. Claims 15-17 are canceled. New claims 18-47 are presented. Hence, Claims 1-14 
and 18-47 are pending in the application. The amendments to the claims as indicated herein do 
not add any new matter to this application. Furthermore, amendments made to the claims as 
indicated herein have been made to exclusively improve readabiUty and clarity of the claims and 
not for the purpose of overcoming alleged prior art. 

Each issue raised in the Office Action mailed October 19, 2005 is addressed hereinafter. 



New claims 18-47 generally correspond in scope to claims 1-14 as follows: 



Method 
Claims 


Computer-Readable 
Medium Claims 


Apparatus Claims with 
"Means" 


Apparatus 
Claims 


1-6 


18 


20-25 


26-31 


7-14 


19 


32-39 


40-47 



1. ISSUES NOT RELATING TO PRIOR ART 

A. SPECIFICATION 

The Office Action objected to the disclosure because of an informality on page 4. The 
informality is addressed herein. Reconsideration is respectfiiUy requested. 

B. SECTION 101 ISSUE 

The Office Action rejected claim 17 as allegedly not limited to tangible embodiments. 
Applicants disagree. Claim 17 recited an article of manufacture in the form of a computer- 
readable medium, which is statutory subject matter because 35 U.S.C. 101 does not state that a 
"manufacture" must be tangible in the sense of graspable, able to be handled, or perceivable by 
the unaided human senses, and no case decision has imposed such a requirement. Indeed, the 
Office has issued patents for single-cell life forms, which are imperceptible and unable to be 
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handled except with the aid of a microscope or a needle. Light waves are tangible, as anyone 

who has endured sunburn, or performed or undergone laser surgery, can attest. 

Although the Office has no basis in the statute for the rejection, and has cited no 

supporting case law, to expedite positive resolution of the case and save the Apphcants the cost 

of an appeal, claims 18-19 herein recite tangible storage media. Favorable consideration is 

respectfully requested. 

IL ISSUES RELATING TO PRIOR ART 

A. CLAIMS 1 TO 6— PETERSON ET AL. 

Claims 1-6 stand rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over 
Peterson et al., "Computer Networks," Chapters 2 and 5 ("Peterson"). The rejection is 
respectfully traversed. 

The Office Action reasons that the sliding windows of Peterson "have the property of 
ignoring bytes received outside of the sequence number range (the window) because it is 
assumed that a received segment either has been read or the received segment has a sequence 
number too high to be stored by the buffer at that time." (Citations omitted.) "Hence," the Office 
Action contends, "Peterson discloses receiving a TCP segment carrying an ACK value . . ." and 
performing the claimed determining and discarding steps. 

This is incorrect. In Peterson, ignoring bytes received outside of the sequence number 
range is a determination based on the sequence number, not based on the ACK value as 
claimed. As defined in RFC 793, TCP segments carry both a sequence number and an ACK 
value — ^two separate values, used for entirely different purposes. Purely for clarification and to 
make express what was previously inherent, present claim 1 recites that the segment has a 
sequence number and a separate ACK value. Peterson has no disclosure whatsoever about 
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performing any test on the ACK values of a received segment, or discarding segments when the 

ACK value satisfies a particular test, as claimed. 

For example, Peterson pp. 105-1 15, introducing a generic sliding window algorithm, 
describes all variables in terms of sequence numbers; the TCP-specific description of Peterson 
pp. 383 is based on that foundation. Peterson pp. 1 12, second fiiU paragraph ("When the 
incoming fi-ame is an ACK . . .) actually teaches away fi-om the claimed approach by stating that 
ACK fi^ames are processed without any form of testing on the magnitude of the ACK value. 
Peterson p. 383, last line refers to sequence numbers only. Peterson p. 384 refers to three 
pointers of a receiver that are necessarily based on received sequence numbers. 

The difference between sequence numbers and ACK values is well known among skilled 
TCP developers, and if Peterson had meant to refer to testing ACK values, Peterson would have 
used that term. Thus, the rationale of the Office Action is not supported in Peterson. 

Perhaps recognizing the deficiency of Peterson, the Office Action provides, at pp. 4-6 
(paragraph 9-12), a rationale for equivalency. However, the rationale is incorrect for at least two 
reasons. First, paragraph 1 1 is not correct. Determining whether the ACK < min(initial 
sequence number, lower boimd of the window assuming next acknowledged sequence value is 
the upper bound) and discarding such segments is not what is claimed, and is vuhierable to an 
attack that Applicant's claims prevent. Assume that ISN=1, snduna=272, window size=200, the 
last ACK'd byte had a sequence number of 72, and an attacker sends ACK=50. Under the Office 
Action's rationale, 50 is not less than the ISN of 1 (and the ISN is always the lesser value in the 
Office Action's "min" statement). Therefore, the Office Action's approach would accept the 
packet. In contrast, in AppUcant's approach: 

50<272-min (272-1,200) 
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50 < 272 -200 
50<72 

Therefore, Applicant's approach would reject the packet, because the attacker has attempted to 
present an invalid ACK value. 

Many other examples can be given, but the preceding estabhshes that paragraph 1 1 of the 
Office Action does not state relationships that are equivalent to what is claimed. Moreover, 
Peterson does not suggest or teach the relationships proposed in the Office Action, because 
Peterson says nothing about testing ACK values in any way, as opposed to sequence numbers. 
Peterson, as with RFC 793 and the other prior approaches identified in Applicants' Background 
section, does not test ACK values at all, relying on senders to "honestly" present such values. 

At page 6, the Office Action presents an alleged motivation to modify Peterson to 
provide the subject matter of claim 1 based on Peterson p. 383. However, the motivation is 
irrelevant. The attacks prevented in the claimed approach do not attempt to disrupt the order of 
received bytes; instead, they attempt to inject harmfiil data payloads into the TCP stream, to 
cause applications to crash or perform errors. Note that in Applicants' FIG, 2, in packets 114, 
1 16 the attacker has guessed a valid sequence number; thus, maintaining ordered data in the face 
of attacks is not an issue involved in the claimed solution. As a result, no skilled artisan would 
consider modifying Peterson for the reason given in the Office Action. 

Claims 2-6 depend firom claim 1 and incorporate all the features of claim 1 by 
dependency. Because Peterson does not disclose, teach or suggest the subject matter of claim 1, 
Peterson necessarily does not disclose, teach or suggest the subject matter of claims 2-6. Further, 
the dependent claims have features that independently render them patentable. For example, 
claim 5 recites "determining whether the ACK value is equal to an expected ACK value or a 
range of values less than an initial sequence value window" and discarding a TCP segment when 
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the quoted determination is true. As discussed above, Peterson has no description about testing 

ACK values, as opposed to sequence number values. Therefore, Peterson does not teach, 

disclose or suggest the quoted feature. 

For at least the foregoing reasons, Peterson does not teach or suggest the subject matter of 
claims 1-6. Reconsideration is respectfully requested. 

Claims 18, 20-25, and 26-31 correspond in scope to claims 1-6, and are allowable for the 
reasons given above for claims 1-6. Favorable consideration is respectfully requested. 

B. CLAIMS 7- 1 7— PETERSON IN VIEW OF ZUK 

Claims 7-17 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Peterson 
in view of Zuk et al. 2003-0154399 (Zuk). The rejection is respectfully traversed. 

The Office Action relied on Zuk to show the feature of claim 7 of "discarding TCP 
segments from the re-assembly buffer when the first TCP segment overlaps any data segment 
previously received in the re-assembly buffer." Present claim 7 recites "discarding all TCP 
segments that are in the re-assembly buffer when the first TCP segment overlaps any data 
segment previously received in the re-assembly buffer," as in original claim 8. Zuk's entire 
disclosure relating to "overlaps" is: "... the TCP reassembly software module .... Orders the 
TCP packets that arrived out of order while removing packet overlaps and dupUcate packets that 
were unnecessarily re-transmitted." 

Zuk's one-sentence description cannot reasonably be interpreted to provide for discarding 
all segments — even non-overlapping ones — ^when a particular segment overlaps any previously 
received segment, as the Office Action contends regarding former claim 8 (Office Action, page 
8, paragraph 19). The rationale stated in the Office Action — ^that removing segments would have 
been obvious because identifying overlap indicates an inconsistency — comes only from 
AppUcants' specification, not from Zuk or any other source. Zuk only describes "removing 
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packet overlaps," not non-overlapping packets as well Further, nothing in Zuk or any other 

reference suggests interpreting an overlap as indicating injection of spurious segments, and 

discarding all segments in response. That rationale comes solely from AppUcants' specification. 

Thus, the Office Action is foimded on impermissible hindsight. Indeed, the Office Action 

indicates the use of hindsight by stating that Applicants' claim "is obvious," rather than *Vould 

have been obvious," which is the language of the statute. 

Claims 8-14 depend from claim 7 and incorporate all the features of claim 7 by 
dependency. Because Peterson in view of Zuk does not disclose, teach or suggest the subject 
matter of claim 7, Peterson in view of Zuk necessarily does not disclose, teach or suggest the 
subject matter of claims 8-14. Further, the dependent claims have features that independently 
render them patentable. For example, present claim 8 recites, "storing the first TCP segment in 
the re-assembly buffer when the first TCP segment overlaps any data segment previously 
received in the re-assembly buffer." Thus, in the complete subject matter of claim 8, detecting 
overlap with a newly received segment results in discarding everything in the reassembly buffer, 
but storing the newly received segment there. Zuk has no teaching of this technique. 

For at least the foregoing reasons, Peterson does not teach or suggest the subject matter of 
claims 7-14. Reconsideration is respectfully requested. 

Applicants interpret page 10, paragraph 25 of the Office Action to reject claims 15-17 
over Peterson in view of Zuk. Claims 15-17 are canceled herein, so the rejections of claims 15- 
17 are moot. 

Claims 19, 32-39, and 40-47 correspond in scope to claims 7-14, and are allowable for 
the reasons given above for claims 1-6. Favorable consideration is respectfully requested. 
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III. CONCLUSIONS & MISCELLANEOUS 

For the reasons set forth above, all of the pending claims are now in condition for 
allowance. The Examiner is respectfully requested to contact the undersigned by telephone 
relating to any issue that would advance examination of the present application. 

A petition for extension of time is hereby made for three (3) months and otherwise to the 
extent necessary to make this reply timely filed. A check for the petition for extension of time 
fee is enclosed herewith. If any applicable fee is missing or insufficient, throughout the 
pendency of this application, the Commissioner is hereby authorized to any appUcable fees and 
to credit any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: April 13, 2006 




Christopher J. Palermo 
Reg. No. 42,056 



2055 Gateway Place Suite 550 
San Jose, California 95 1 1 0- 1 093 
Telephone No.: (408) 414-1080x202 
Facsimile No.: (408)414-1076 
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